>>>>> "Tomasz" == Tomasz Chmielewski <[EMAIL PROTECTED]> writes:
Tomasz> Well, perhaps it suffices if WPKG service is started as a
Tomasz> domain user, or WPKG path uses domain user credentials.
Tomasz> Then, Windows should take care of all security issues for
Tomasz> us - no need to reinvent anything here, if the operating
Tomasz> system already does it?
Tomasz> And Brian - what kind of tests did you really make?
Unfortunately not.
I setup a Samba server, not in a domain, and configured to map any bad
password to the guest user, with the same name as a server that was in
the domain.
The client computer was a domain member and logged into the domain.
I ensured that the genuine server was off-line, and from the client
computer, I established a connection to the fraudulent server.
Windows did not offer any errors or warnings that the computer I was
connecting to was fraudulent or that it was connecting as a guest user
instead of the (expected) authenticated user.
--
Brian May <[EMAIL PROTECTED]>
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
wpkg-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wpkg-users
